-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Investigate options for certificate pinning bypass #16
Comments
There is also TrustMeAlready, which is an Xposed module. We should be able to get that running with LSPosed. However, it only hooks Also, the developer has abandoned the module and explicitly recommends using a Frida script instead: |
Anecdotally, I'd say I've seen quite a few more apps than previously report connection issues recently. |
The last pinning-related change to objection was in Feb 2021: sensepost/objection@90044d7 |
Okay, I now have 159 fresh APKs from the top 200 apps (not exactly a great success rate, but that's not what I'm looking into right now). |
Results from the very first test run on two apps:
Looks like the analysis is going to work. I'll now only need to implement a database for saving the results and I can run the full analysis. |
Analysis is running. Source code: https://github.com/tweaselORG/experiments/tree/main/cert-pinning-bypass This is going to take a while. |
First run is complete: https://github.com/tweaselORG/experiments/blob/0d27c1744f741de9fb5d88016d75b41813a50017/cert-pinning-bypass/data/results.db But we can see that 200 apps are not enough to reach any meaningful conclusions. I'll have to download more apps. |
I'm now additionally downloading the top 30 apps of each category (other than games). With that, we should have ~1000 apps. As a compromise to not have this take forever, I'll only run the new apps for 30 seconds per run (instead of 60). |
766 apps in total now. New analysis is running. |
Let's see what kinds of TLS errors we observed. I used
Since the error messages are quite different, I don't think it makes sense to write a script to handle this automatically. I just removed duplicates manually. There are only four (or five, if you count the one semi-duplicate with a different value in parentheses) different error types we observed:
|
EDIT: The numbers here are wrong, see #16 (comment). Here are the statistics of in how many apps we observed each error type per method:
Looking at that, there seems to be little difference between objection and the HTTP Toolkit script. But I am a bit confused as for how to interpret the errors. Both unpinning scripts solve at least some of the For reference: The analysis ran for 694 apps ( |
I also observed how many apps had crashed after the 30/60 seconds:
Now, we shouldn't consider the absolute numbers too much, I'm not sure how correct they are (I checked whether the foreground app ID matched the current app ID, but I think I saw some apps that were reported as crashing because they had a modal open). But the relative numbers are interesting. Seems like the HTTP Toolkit script crashes fewer apps than objection. |
Unfortunately, our mitmproxy script didn't capture the hostnames in machine-readable form, so I'll have to parse them out of the error message to analyse them. Unfortunate, but not the end of the world. Looking at the code that produces the error messages, I'm guessing the problem is that we're not collecting Makes sense, SNI is very common. |
This comment was marked as outdated.
This comment was marked as outdated.
Actually, I had a counting error in #16 (comment)! I was searching for "The client does not trust the proxy's certificate". But apparently SQLite's With that fixed, the results now look more favourably for the unpinning scripts:
Both actually fix almost all the errors that are definitely certificate pinning-related ("The client does not trust the proxy's certificate for *"). I still don't know how to interpret the "The client disconnected during the handshake" errors. |
I wrote my first custom bypass in #31. For that case at least, that really wasn't bad at all. In the results, there are barely any other apps with the clear error left. Anydesk had errors for an IP address, which seems like more trouble than it's worth: [{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",43658],"serverAddress":["49.12.130.237",443],"error":"The client does not trust the proxy's certificate for 49.12.130.237:443 (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",40054],"serverAddress":["49.12.130.237",80],"error":"The client does not trust the proxy's certificate for 49.12.130.237:80 (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",39142],"serverAddress":["49.12.130.237",6568],"error":"The client does not trust the proxy's certificate for 49.12.130.237:6568 (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",43662],"serverAddress":["49.12.130.237",443],"error":"The client does not trust the proxy's certificate for 49.12.130.237:443 (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",40062],"serverAddress":["49.12.130.237",80],"error":"The client does not trust the proxy's certificate for 49.12.130.237:80 (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",39144],"serverAddress":["49.12.130.237",6568],"error":"The client does not trust the proxy's certificate for 49.12.130.237:6568 (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",43672],"serverAddress":["49.12.130.237",443],"error":"The client does not trust the proxy's certificate for 49.12.130.237:443 (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",40064],"serverAddress":["49.12.130.237",80],"error":"The client does not trust the proxy's certificate for 49.12.130.237:80 (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",39154],"serverAddress":["49.12.130.237",6568],"error":"The client does not trust the proxy's certificate for 49.12.130.237:6568 (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",43686],"serverAddress":["49.12.130.237",443],"error":"The client does not trust the proxy's certificate for 49.12.130.237:443 (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",40070],"serverAddress":["49.12.130.237",80],"error":"The client does not trust the proxy's certificate for 49.12.130.237:80 (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",39158],"serverAddress":["49.12.130.237",6568],"error":"The client does not trust the proxy's certificate for 49.12.130.237:6568 (tlsv1 alert unknown ca)"}}] Apple Music might be worth a look but I doubt that their mechanism will be applicable for any non-Apple apps and there aren't that many Apple apps on Android: [{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47018],"serverAddress":["23.192.152.19",443],"error":"The client does not trust the proxy's certificate for init.itunes.apple.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47028],"serverAddress":["23.192.152.19",443],"error":"The client does not trust the proxy's certificate for apps.mzstatic.com (tlsv1 alert unknown ca)"}}] And finally, Commerzbank crashes anyway on rooted devices: [{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47122],"serverAddress":["212.149.50.16",443],"error":"The client does not trust the proxy's certificate for app.commerzbank.de (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}}] |
Instead, I'll look into the Let's start with [
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 45830],
"serverAddress": ["34.102.211.197", 443],
"error": "The client disconnected during the handshake. If this happens consistently for czqk28jt.apicdn.sanity.io, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 45834],
"serverAddress": ["34.102.211.197", 443],
"error": "The client disconnected during the handshake. If this happens consistently for czqk28jt.apicdn.sanity.io, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 42694],
"serverAddress": ["35.190.70.79", 443],
"error": "The client disconnected during the handshake. If this happens consistently for cdn.sanity.io, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 42702],
"serverAddress": ["35.190.70.79", 443],
"error": "The client disconnected during the handshake. If this happens consistently for cdn.sanity.io, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 42708],
"serverAddress": ["35.190.70.79", 443],
"error": "The client disconnected during the handshake. If this happens consistently for cdn.sanity.io, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 42720],
"serverAddress": ["35.190.70.79", 443],
"error": "The client disconnected during the handshake. If this happens consistently for cdn.sanity.io, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 42728],
"serverAddress": ["35.190.70.79", 443],
"error": "The client disconnected during the handshake. If this happens consistently for cdn.sanity.io, this may indicate that the client does not trust the proxy's certificate."
}
}
] Now, curiously, I just started this app without any bypass (but using HTTP Toolkit instead of mitmproxy) and those requests worked just fine: |
Also works in mitmproxy if I use the bypass script. So it seems like at least for this app, the error was just a fluke and is nothing that we need to worry about. |
Next up [
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 39412],
"serverAddress": ["142.250.186.99", 443],
"error": "The client disconnected during the handshake. If this happens consistently for www.gstatic.com, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 39424],
"serverAddress": ["142.250.186.99", 443],
"error": "The client disconnected during the handshake. If this happens consistently for www.gstatic.com, this may indicate that the client does not trust the proxy's certificate."
}
}
] I had to try multiple times to get it to do any connections to gstatic.com, in most runs it just didn't even try to connect that. But in one run, I did see the error again:
But mitmproxy did also successfully intercept requests to that domain: So, this again seems more like a hiccup than an actual problem we need to deal with. |
Next up [
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 38802],
"serverAddress": ["193.169.76.13", 443],
"error": "The client disconnected during the handshake. If this happens consistently for www.fotoparadies.de, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 40680],
"serverAddress": ["193.169.77.7", 443],
"error": "The client disconnected during the handshake. If this happens consistently for delapi.photoprintit.com, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 40634],
"serverAddress": ["193.169.77.7", 443],
"error": "The client disconnected during the handshake. If this happens consistently for delapi.photoprintit.com, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 40662],
"serverAddress": ["193.169.77.7", 443],
"error": "The client disconnected during the handshake. If this happens consistently for dls.photoprintit.com, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 40696],
"serverAddress": ["193.169.77.7", 443],
"error": "The client disconnected during the handshake. If this happens consistently for delapi.photoprintit.com, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 48932],
"serverAddress": ["63.140.62.160", 443],
"error": "The client disconnected during the handshake. If this happens consistently for cewecolor.sc.omtrdc.net, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 40632],
"serverAddress": ["193.169.77.7", 443],
"error": "The client disconnected during the handshake. If this happens consistently for delapi.photoprintit.com, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 40672],
"serverAddress": ["193.169.77.7", 443],
"error": "The client disconnected during the handshake. If this happens consistently for delapi.photoprintit.com, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 40666],
"serverAddress": ["193.169.77.7", 443],
"error": "The client disconnected during the handshake. If this happens consistently for delapi.photoprintit.com, this may indicate that the client does not trust the proxy's certificate."
}
}
] Without a bypass, these all went through fine and without any errors logged. And again same thing with the bypass script. |
I'll try a few more to be sure. These were the errors logged for [
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 39602],
"serverAddress": ["23.42.197.95", 443],
"error": "The client disconnected during the handshake. If this happens consistently for cdn.mdr.de, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 39622],
"serverAddress": ["23.42.197.95", 443],
"error": "The client disconnected during the handshake. If this happens consistently for cdn.mdr.de, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 39626],
"serverAddress": ["23.42.197.95", 443],
"error": "The client disconnected during the handshake. If this happens consistently for cdn.mdr.de, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 38816],
"serverAddress": ["142.251.32.97", 443],
"error": "The client disconnected during the handshake. If this happens consistently for cdn.ampproject.org, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 38802],
"serverAddress": ["142.251.32.97", 443],
"error": "The client disconnected during the handshake. If this happens consistently for cdn.ampproject.org, this may indicate that the client does not trust the proxy's certificate."
}
}
] I am seeing the same errors logged, but requests to the same hosts are in fact going through: |
Let's do [
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 44960],
"serverAddress": ["142.250.186.129", 443],
"error": "The client disconnected during the handshake. If this happens consistently for tpc.googlesyndication.com, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 37126],
"serverAddress": ["172.217.16.194", 443],
"error": "The client disconnected during the handshake. If this happens consistently for pagead2.googlesyndication.com, this may indicate that the client does not trust the proxy's certificate."
}
}
]
|
One more. [
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 43870],
"serverAddress": ["54.186.23.98", 443],
"error": "The client disconnected during the handshake. If this happens consistently for r.stripe.com, this may indicate that the client does not trust the proxy's certificate."
}
},
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 43878],
"serverAddress": ["54.186.23.98", 443],
"error": "The client disconnected during the handshake. If this happens consistently for r.stripe.com, this may indicate that the client does not trust the proxy's certificate."
}
}
] Same old, same old. I am seeing errors logged for |
Okay, with that, I am pretty sure that we can just disregard the "The client disconnected during the handshake." errors. There may be cases where these are an actual cert pinning problem, but I didn't find any of those. |
And I'd guess that the "connection closed early" ones are also only intermittent and not related to cert pinning. Example of this error as reported during the analysis (for [
{
"status": "tlsFailed",
"context": {
"clientAddress": ["10.0.0.1", 48864],
"serverAddress": ["104.16.227.10", 443],
"error": "connection closed early"
}
}
] I started a few apps ( I didn't observe any "connection closed early"s this time. With that, I'm pretty happy to conclude that we don't need to worry about those, either. |
Okay, to give this a little conclusion for now: I'm now pretty sure now that For that one, both objection and the HT script are pretty good:
I'd say we do switch to the HT script (it seems more actively maintained, is not worse and maybe even a little better than objection, and it saves us from all the trouble we had with keeping objection's process around (tweaselORG/appstraction#101, tweaselORG/appstraction#24)). Other than that, I'm now feeling pretty confident that we'll be able to write our own bypasses for the pinning problems we will encounter. But I don't think we need to invest too much effort into that for the moment (I was in the mood for writing a few bypasses, but really struggled to find any apps where that was necessary :D). |
One more thing to consider: In my previous run, I excluded the games categories (games tend to be quite large, which I wanted to avoid). But we should see whether they maybe employ different pinning techniques. I've now reincluded the main "Games" category and am downloading the apps for that. |
This has finally forced me to fix the platform in the download code. I didn't bother to redownload the x86-only apps I already had. |
The results for the extended run with games are in. I've now analysed 1046 apps. Crashes per method[
{ method: 'httptoolkit', crashCount: 55 },
{ method: 'none', crashCount: 49 },
{ method: 'objection', crashCount: 70 }
] Pattern stays the same. We still shouldn't trust the absolute numbers but the HT script is still a lot less prone to making apps crash. Observed TLS errors per method and appApps per method with TLS error "The client disconnected during the handshake": [
{ method: 'httptoolkit', appCount: 111 },
{ method: 'none', appCount: 98 },
{ method: 'objection', appCount: 123 }
]
Apps per method with TLS error "The client does not trust the proxy''s certificate for": [
{ method: 'httptoolkit', appCount: 8 },
{ method: 'none', appCount: 47 },
{ method: 'objection', appCount: 9 }
]
Apps per method with TLS error "connection closed early": [
{ method: 'httptoolkit', appCount: 93 },
{ method: 'none', appCount: 90 },
{ method: 'objection', appCount: 101 }
]
Apps per method with TLS error "Client and mitmproxy cannot agree on a TLS version to use": [
{ method: 'httptoolkit', appCount: 3 },
{ method: 'none', appCount: 3 },
{ method: 'objection', appCount: 2 }
]
Apps per method with any TLS error: [
{ method: 'httptoolkit', appCount: 171 },
{ method: 'none', appCount: 196 },
{ method: 'objection', appCount: 180 }
] As we determined, only the "The client does not trust the proxy's certificate for" errors matter for us. We now have the following four additional apps that the HT script can't (fully) unpin:
[{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",43520],"serverAddress":["185.26.181.241",443],"error":"The client does not trust the proxy's certificate for global-turbo2-1.opera-mini.net (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",45926],"serverAddress":["185.26.181.220",443],"error":"The client does not trust the proxy's certificate for global-turbo2.opera-mini.net (tlsv1 alert unknown ca)"}}]
[{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",39384],"serverAddress":["2.20.215.226",443],"error":"The client does not trust the proxy's certificate for clientsettingscdn.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41520],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for apis.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41546],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for apis.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41530],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for apis.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41556],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for ephemeralcounters.api.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41578],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for apis.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41558],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for ephemeralcounters.api.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41592],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for apis.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41606],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for locale.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41618],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for catalog.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41644],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for avatar.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41630],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for avatar.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41572],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for apis.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41662],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for apis.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41646],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for thumbnails.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41666],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for apis.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41668],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for apis.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41674],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for locale.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41678],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for catalog.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41684],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for avatar.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41698],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for apis.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41688],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for avatar.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41700],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for apis.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41716],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for apis.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41722],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for locale.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41736],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for avatar.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41734],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for catalog.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41748],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for apis.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41764],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for avatar.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41776],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for apis.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41792],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for apis.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41800],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for locale.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41814],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for avatar.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41826],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for catalog.roblox.com (tlsv1 alert unknown ca)"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41840],"serverAddress":["128.116.44.4",443],"error":"The client does not trust the proxy's certificate for avatar.roblox.com (tlsv1 alert unknown ca)"}}]
[{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",43336],"serverAddress":["35.241.16.93",443],"error":"The client does not trust the proxy's certificate for bolt-gcdn.sc-cdn.net (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",38056],"serverAddress":["108.156.0.245",443],"error":"The client does not trust the proxy's certificate for cf-st.sc-cdn.net (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49404],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",43338],"serverAddress":["35.241.16.93",443],"error":"The client does not trust the proxy's certificate for bolt-gcdn.sc-cdn.net (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49420],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49430],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49432],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49438],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49452],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",38060],"serverAddress":["108.156.0.245",443],"error":"The client does not trust the proxy's certificate for cf-st.sc-cdn.net (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49466],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49474],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49486],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49494],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",43352],"serverAddress":["35.241.16.93",443],"error":"The client does not trust the proxy's certificate for bolt-gcdn.sc-cdn.net (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49496],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49504],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49508],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49510],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49514],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",43366],"serverAddress":["35.241.16.93",443],"error":"The client does not trust the proxy's certificate for bolt-gcdn.sc-cdn.net (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49518],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49528],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49530],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49542],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49554],"serverAddress":["3.251.220.173",443],"error":"The client does not trust the proxy's certificate for aws.api.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49410],"serverAddress":["3.251.220.173",443],"error":"The client disconnected during the handshake. If this happens consistently for aws.api.snapchat.com, this may indicate that the client does not trust the proxy's certificate."}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49556],"serverAddress":["3.251.220.173",443],"error":"The client disconnected during the handshake. If this happens consistently for aws.api.snapchat.com, this may indicate that the client does not trust the proxy's certificate."}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",38168],"serverAddress":["35.244.195.33",443],"error":"The client does not trust the proxy's certificate for app-analytics-v2.snapchat.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49572],"serverAddress":["3.251.220.173",443],"error":"The client disconnected during the handshake. If this happens consistently for aws.api.snapchat.com, this may indicate that the client does not trust the proxy's certificate."}}]
[{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47022],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api21-core-c-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",44172],"serverAddress":["8.8.4.4",443],"error":"The client does not trust the proxy's certificate for dns.google (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",40994],"serverAddress":["23.38.98.9",443],"error":"The client does not trust the proxy's certificate for api16-normal-c-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49130],"serverAddress":["23.53.42.200",443],"error":"The client does not trust the proxy's certificate for api16-core-c-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",42070],"serverAddress":["146.75.122.73",443],"error":"The client does not trust the proxy's certificate for api21-normal-c-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47028],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47042],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47050],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47056],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47068],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47070],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47098],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",42472],"serverAddress":["2.20.142.67",443],"error":"The client does not trust the proxy's certificate for tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47082],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",45458],"serverAddress":["95.101.111.138",443],"error":"The client does not trust the proxy's certificate for log-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",45468],"serverAddress":["95.101.111.138",443],"error":"The client does not trust the proxy's certificate for log-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47106],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47122],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47136],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41006],"serverAddress":["23.38.98.9",443],"error":"The client does not trust the proxy's certificate for api16-normal-c-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47152],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",45470],"serverAddress":["95.101.111.138",443],"error":"The client does not trust the proxy's certificate for log-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47154],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47162],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47170],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47174],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47188],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47186],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47192],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47204],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47220],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",37412],"serverAddress":["95.101.111.162",443],"error":"The client does not trust the proxy's certificate for vcs-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47226],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47228],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47230],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47232],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",37424],"serverAddress":["95.101.111.162",443],"error":"The client does not trust the proxy's certificate for vcs-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41018],"serverAddress":["23.38.98.9",443],"error":"The client does not trust the proxy's certificate for api16-normal-c-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",42084],"serverAddress":["146.75.122.73",443],"error":"The client does not trust the proxy's certificate for api21-normal-c-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49144],"serverAddress":["23.53.42.200",443],"error":"The client does not trust the proxy's certificate for api16-core-c-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47234],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api21-core-c-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",44180],"serverAddress":["8.8.4.4",443],"error":"The client does not trust the proxy's certificate for dns.google.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",37426],"serverAddress":["95.101.111.162",443],"error":"The client does not trust the proxy's certificate for vcs-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47238],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for api19-va.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",44068],"serverAddress":["23.38.98.48",443],"error":"The client does not trust the proxy's certificate for tnc16-platform-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",44834],"serverAddress":["95.101.111.179",443],"error":"The client does not trust the proxy's certificate for tnc16-platform-useast1a.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",37432],"serverAddress":["95.101.111.162",443],"error":"The client does not trust the proxy's certificate for vcs-boot.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47244],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for log19-normal-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41384],"serverAddress":["34.98.103.214",443],"error":"The client does not trust the proxy's certificate for log22-normal-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47248],"serverAddress":["146.75.118.73",443],"error":"The client does not trust the proxy's certificate for rtlog19-normal-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41396],"serverAddress":["34.98.103.214",443],"error":"The client does not trust the proxy's certificate for rtlog22-normal-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",40444],"serverAddress":["34.149.167.221",443],"error":"The client does not trust the proxy's certificate for webcast22-ws-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",44036],"serverAddress":["95.101.111.134",443],"error":"The client does not trust the proxy's certificate for webcast16-ws-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",42100],"serverAddress":["146.75.122.73",443],"error":"The client does not trust the proxy's certificate for webcast19-normal-c-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49992],"serverAddress":["95.101.111.173",443],"error":"The client does not trust the proxy's certificate for webcast16-normal-c-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49148],"serverAddress":["23.53.42.200",443],"error":"The client does not trust the proxy's certificate for api16-core-c-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47620],"serverAddress":["34.102.215.99",443],"error":"The client does not trust the proxy's certificate for 34.102.215.99:443 (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",49158],"serverAddress":["23.53.42.200",443],"error":"The client does not trust the proxy's certificate for api16-core-c-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",45196],"serverAddress":["147.160.190.227",443],"error":"The client does not trust the proxy's certificate for api31-core-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47630],"serverAddress":["34.102.215.99",443],"error":"The client does not trust the proxy's certificate for 34.102.215.99:443 (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",38726],"serverAddress":["95.101.111.174",443],"error":"The client does not trust the proxy's certificate for api-boot.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",45206],"serverAddress":["147.160.190.227",443],"error":"The client does not trust the proxy's certificate for api31-core-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41026],"serverAddress":["23.38.98.9",443],"error":"The client does not trust the proxy's certificate for api16-normal-c-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",37024],"serverAddress":["139.177.227.225",443],"error":"The client does not trust the proxy's certificate for api31-normal-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47640],"serverAddress":["34.102.215.99",443],"error":"The client does not trust the proxy's certificate for 34.102.215.99:443 (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",47656],"serverAddress":["34.102.215.99",443],"error":"The client does not trust the proxy's certificate for 34.102.215.99:443 (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",41038],"serverAddress":["23.38.98.9",443],"error":"The client does not trust the proxy's certificate for api16-normal-c-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",37030],"serverAddress":["139.177.227.225",443],"error":"The client does not trust the proxy's certificate for api31-normal-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",43062],"serverAddress":["95.101.111.183",443],"error":"The client does not trust the proxy's certificate for search16-normal-c-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}},{"status":"tlsFailed","context":{"clientAddress":["10.0.0.1",45212],"serverAddress":["147.160.190.227",443],"error":"The client does not trust the proxy's certificate for search31-normal-alisg.tiktokv.com (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))"}}] At least TikTok and Snapshot require app-specific bypasses that already exist but aren't included in the HT script: https://github.com/Eltion/Tiktok-SSL-Pinning-Bypass, https://github.com/Eltion/Snapchat-SSL-Pinning-Bypass Domains with untrusted certificate without bypassSet(94) {
'config.eu.usercentrics.eu',
'apps.o2online.de',
'app.eu.usercentrics.eu',
'api.amazon.com',
'gw1.seal-one.com',
'gw3.seal-one.com',
'gw2.seal-one.com',
'ecert.entersect.co.za',
'connect-dre.hispace.hicloud.com',
'app.kaufland.net',
'appgateway.lidlplus.com',
'config2.mparticle.com',
'identity.mparticle.com',
'app-api.klarna.com',
'api-m.paypal.com',
'www.paypalobjects.com',
'b.stats.paypal.com',
'p.paypal.com',
'c.paypal.com',
'api.twitter.com',
'video.twimg.com',
'pbs.twimg.com',
'www.clickforbrand.de',
'www.dhl.de',
'mcd-mobileapp-prod.azureedge.net',
'eu-prod.api.mcd.com',
'connect-dre.dbankcloud.cn',
'mobileconfigurationpublic.trendyol.com',
'demeter-int-ecom-collect.trendyol.com',
'browsingpublic.trendyol.com',
'app.omc.advanzia.com',
'49.12.130.237:443',
'49.12.130.237:80',
'49.12.130.237:6568',
'init.itunes.apple.com',
'apps.mzstatic.com',
'www.commerzbank.de',
'api.dropboxapi.com',
'api-d.dropbox.com',
'api.appewa.com',
'auth-proxy.1und1.de',
'app.commerzbank.de',
'api1.finanzguru.de',
'api.api.generalimobilehealth.com',
'content.app.my.audi.com',
'dcs.audi.com',
'api.faceapp.io',
'hosts.faceapp.io',
'api.lovoo.com',
'api.amazon.co.uk',
'api.amazon.de',
'katalk.kakao.com',
'edge.microsoft.com',
'self.events.data.microsoft.com',
'config.edge.skype.com',
'www.bing.com',
'edge-conumer-static.azureedge.net',
'superapp.msn.com',
'www.wikipedia.org',
'c.bingapis.com',
'www.facebook.com',
'global-turbo2-1.opera-mini.net',
'global-turbo2.opera-mini.net',
'apis.roblox.com',
'ephemeralcounters.api.roblox.com',
'lms.roblox.com',
'catalog.roblox.com',
'avatar.roblox.com',
'thumbnails.roblox.com',
'clientsettingscdn.roblox.com',
'locale.roblox.com',
'cf-st.sc-cdn.net',
'bolt-gcdn.sc-cdn.net',
'aws.api.snapchat.com',
'app-analytics-v2.snapchat.com',
'api.braintreegateway.com',
'api21-core-c-alisg.tiktokv.com',
'dns.google',
'api21-normal-c-alisg.tiktokv.com',
'api16-core-c-alisg.tiktokv.com',
'api16-normal-c-alisg.tiktokv.com',
'api19-va.tiktokv.com',
'tiktokv.com',
'log-va.tiktokv.com',
'webcast-va.tiktokv.com',
'dns.google.com',
'mon.isnssdk.com',
'tnc16-platform-alisg.tiktokv.com',
'tnc16-platform-useast1a.tiktokv.com',
'vcs-va.tiktokv.com',
'app-api.meine.aok.de',
'ibm.ru2.ibmepatest.de',
'outage.bluepostbox.de',
'myrawebgate.bluepostbox2.de'
} Unsolved domains despite bypass (for either script)Set(50) {
'config.eu.usercentrics.eu',
'app.eu.usercentrics.eu',
'api.amazon.com',
'49.12.130.237:443',
'49.12.130.237:80',
'49.12.130.237:6568',
'init.itunes.apple.com',
'apps.mzstatic.com',
'app.commerzbank.de',
'global-turbo2.opera-mini.net',
'global-turbo2-1.opera-mini.net',
'apis.roblox.com',
'clientsettingscdn.roblox.com',
'ephemeralcounters.api.roblox.com',
'locale.roblox.com',
'avatar.roblox.com',
'thumbnails.roblox.com',
'catalog.roblox.com',
'cf-st.sc-cdn.net',
'bolt-gcdn.sc-cdn.net',
'aws.api.snapchat.com',
'app-analytics-v2.snapchat.com',
'dns.google',
'api16-normal-c-alisg.tiktokv.com',
'api16-core-c-alisg.tiktokv.com',
'api21-normal-c-alisg.tiktokv.com',
'api21-core-c-alisg.tiktokv.com',
'api19-va.tiktokv.com',
'log-va.tiktokv.com',
'tiktokv.com',
'vcs-va.tiktokv.com',
'webcast-va.tiktokv.com',
'tnc16-platform-alisg.tiktokv.com',
'tnc16-platform-useast1a.tiktokv.com',
'vcs-boot.tiktokv.com',
'log19-normal-alisg.tiktokv.com',
'log22-normal-alisg.tiktokv.com',
'rtlog19-normal-alisg.tiktokv.com',
'rtlog22-normal-alisg.tiktokv.com',
'webcast22-ws-alisg.tiktokv.com',
'webcast16-ws-alisg.tiktokv.com',
'webcast19-normal-c-alisg.tiktokv.com',
'webcast16-normal-c-alisg.tiktokv.com',
'api31-core-alisg.tiktokv.com',
'34.102.215.99:443',
'api-boot.tiktokv.com',
'api31-normal-alisg.tiktokv.com',
'search16-normal-c-alisg.tiktokv.com',
'search31-normal-alisg.tiktokv.com',
'dns.google.com'
} Comparing the solved domains per methodBoth objection and the HT script "solved" 61 domains each (i.e. those domains had a TLS error due to certificate pinning in the run without a bypass but not in the run with the respective script). The sets of their solved domains are almost identical. It's not unlikely that the two differences we did observe are false-positives (after all it is very plausible that an app doesn't try to contact the exact same domains on each run, and we already know that TikTok should require a specific bypass not included in objection): Comparing solved domains between objection and httptoolkit: { added: [ 'webcast-va.tiktokv.com' ], removed: [ 'dns.google.com' ] } Note that I still used the old version of the HT script without my recent changes for the new apps. |
I've opened tweaselORG/appstraction#111 to switch to the HT script in appstraction. I think with that, we can consider this done for now. |
Currently, we're using objection on Android and SSL Kill Switch 2 on iOS.
I definitely also want to consider https://github.com/httptoolkit/frida-android-unpinning.
The text was updated successfully, but these errors were encountered: